New Android malware goes on a shopping spree

27.07.2012

MMarketPay.A automatically orders paid apps

Experts at G Data Security Labs have discovered a new type of Android malware that downloads paid apps without the knowledge of the smartphone or tablet user. The malware is hidden in fake GO Weather, Travel Sky or E-Strong File Explorer apps and is being distributed through various Chinese websites and third-party provider app marketplaces. At the moment, the perpetrators are targeting customers of the world's largest mobile provider, China Mobile. The Trojan gains access to the mobile provider's app store and can then download and install additional malware or paid apps. G Data SecurityLabs thinks it might spread to Europe.

Online criminals have been using the Android malware MMarketPay.A as a new way of making money from e-crime. Previously, malware writers had been focusing on the theft of personal data, spy attacks and sending premium-rate SMS. Now they have managed to gain access to a mobile provider's app store for the first time. To do this, the malware changes the mobile device's access point name (APN) and connects to China Mobile. Access points on tablets and smartphones are usually used by mobile providers to provide system updates, for example. Here, the Trojan intercepts the confirmation message and provides a response via a special server.

The malware can thus access China Mobile's app store without logging in, then purchase and install any apps at the victim's expense at any time.

"We are watching the development of a new and lucrative business model for cyber criminals here. MMarketPay.A has launched a new strain of harmful apps onto the market that are aimed at stealing money", explains Ralf Benzmüller, head of G Data SecurityLabs. "Hence we think it is quite possible that a modified version of this malicious app will appear in Europe and target the customers of European mobile providers."

Screenshot: The perpetrators have infected this fake GO Weather app with MMarketPay.A, which then goes on a shopping spree without the knowledge of the user.




Security tips for Android users:

-    Use an effective, comprehensive security solution that thoroughly protects the mobile device.

-    Always install updates to keep your operating system and the programs and applications you use fully up-to-date. This closes security loopholes that cyber criminals could otherwise exploit for attacks.

-    Only get your apps from trustworthy sources, e.g. from Google Play for Android devices and from provider websites. When you choose applications, pay attention to how often they have been downloaded. The more times an application has been downloaded, the more trustworthy it is. You should also check what authorisations these apps have. Be careful with applications that can, for example, initiate calls or send text messages. In general, you should only install apps that you really need.

-    Ignore messages of unknown origin on your smartphone or tablet. Users who like to play it safe can usually check online whether these messages are correct, or call their provider's customer service.

-    Check your phone bill. If it includes charges for services that you have not used, you might be a victim of fraud.


For more information, see the G Data SecurityBlog: blog.gdatasoftware.com/blog/article/new-android-malware-goes-on-a-shopping-spree-at-your-expense.html